<?php
require_once('Connections/mysqlDB.php');
?>
<?php 
$dbConn = new mysqli(HOST,USER,PWD,DB);
// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
//echo $myusername . '/' . $mypassword . '$$$<br>';
/* prepare statement */
if ($stmt = $dbConn->prepare("SELECT uid, pwd, level FROM directory WHERE uid = ? and pwd = ? ")) {
    $stmt->bind_param('ss', $myusername, $mypassword);
    $stmt->execute(); 
	$stmt->bind_result($col1, $col2, $col3);
	while ($stmt->fetch()) {
	session_register("level"); 
	session_register("myusername");
     $_SESSION['level']=$col3;
	    $_SESSION['myusername']=$col1;
	 $count =1;
	//$stmt->store_result();
	}
}
	
// Mysql_num_row is counting table row
//$count= $stmt->num_rows;
//echo "count: " . $count . "<br>";
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$dbConn->close();
header("location:main.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>